salt
/
apache-formula
forked from ExternalMirrors/apache-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
423 Commits
1 Branch
Tree: a5debf58b3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a5debf58b3'
${ noResults }
apache-formula/apache/files/RedHat/apache-2.4.config.jinja

401 lines
13KB
Raw Blame History 

  1. #

  2. # This file is managed by Salt! Do not edit by hand!

  3. #

  4. {% from "apache/map.jinja" import apache with context %}

  5. #

  6. # This is the main Apache HTTP server configuration file.  It contains the

  7. # configuration directives that give the server its instructions.

  8. # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.

  9. # In particular, see 

  10. # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>

  11. # for a discussion of each configuration directive.

  12. #

  13. # Do NOT simply read the instructions in here without understanding

  14. # what they do.  They're here only as hints or reminders.  If you are unsure

  15. # consult the online docs. You have been warned.  

  16. #

  17. # Configuration and logfile names: If the filenames you specify for many

  18. # of the server's control files begin with "/" (or "drive:/" for Win32), the

  19. # server will use that explicit path.  If the filenames do *not* begin

  20. # with "/", the value of ServerRoot is prepended -- so 'log/access_log'

  21. # with ServerRoot set to '/www' will be interpreted by the

  22. # server as '/www/log/access_log', where as '/log/access_log' will be

  23. # interpreted as '/log/access_log'.

  24. 

  25. #

  26. # ServerRoot: The top of the directory tree under which the server's

  27. # configuration, error, and log files are kept.

  28. #

  29. # Do not add a slash at the end of the directory path.  If you point

  30. # ServerRoot at a non-local disk, be sure to specify a local disk on the

  31. # Mutex directive, if file-based mutexes are used.  If you wish to share the

  32. # same ServerRoot for multiple httpd daemons, you will need to change at

  33. # least PidFile.

  34. #

  35. ServerRoot "/etc/httpd"

  36. 

  37. #

  38. # Listen: Allows you to bind Apache to specific IP addresses and/or

  39. # ports, instead of the default. See also the <VirtualHost>

  40. # directive.

  41. #

  42. # Change this to Listen on specific IP addresses as shown below to 

  43. # prevent Apache from glomming onto all bound IP addresses.

  44. #

  45. #Listen 12.34.56.78:80

  46. 

  47. {% if salt['pillar.get']('apache:sites') is mapping %}

  48.     {%- set listen_directives = [] %}

  49.     {%- for id, site in salt['pillar.get']('apache:sites').items() %}

  50.         {%- set interfaces = site.get('interface', '*').split() %}

  51.         {%- set port = site.get('port', 80) %}

  52.         {%- for interface in interfaces %}

  53.             {%- if not site.get('exclude_listen_directive', False) %}

  54.                 {%- set listen_directive = interface ~ ':' ~ port %}

  55.                 {%- if listen_directive not in listen_directives %}

  56.                     {%- do listen_directives.append(listen_directive) %}

  57.                 {%- endif %}

  58.             {%- endif %}

  59.         {%- endfor %}

  60.     {%- endfor %}

  61.     {%- for listen in listen_directives %}

  62. Listen  {{ listen }}

  63.     {%- endfor %}

  64. {%- else %}

  65. Listen 80

  66. 

  67. <IfModule mod_ssl.c>

  68.     Listen 443

  69. </IfModule>

  70. 

  71. <IfModule mod_gnutls.c>

  72.     Listen 443

  73. </IfModule>

  74. {%- endif %}

  75. 

  76. #

  77. # Dynamic Shared Object (DSO) Support

  78. #

  79. # To be able to use the functionality of a module which was built as a DSO you

  80. # have to place corresponding `LoadModule' lines at this location so the

  81. # directives contained in it are actually available _before_ they are used.

  82. # Statically compiled modules (those listed by `httpd -l') do not need

  83. # to be loaded here.

  84. #

  85. # Example:

  86. # LoadModule foo_module modules/mod_foo.so

  87. #

  88. Include conf.modules.d/*.conf

  89. 

  90. #

  91. # If you wish httpd to run as a different user or group, you must run

  92. # httpd as root initially and it will switch.  

  93. #

  94. # User/Group: The name (or #number) of the user/group to run httpd as.

  95. # It is usually good practice to create a dedicated user and group for

  96. # running httpd, as with most system services.

  97. #

  98. User apache

  99. Group apache

  100. 

  101. # 'Main' server configuration

  102. #

  103. # The directives in this section set up the values used by the 'main'

  104. # server, which responds to any requests that aren't handled by a

  105. # <VirtualHost> definition.  These values also provide defaults for

  106. # any <VirtualHost> containers you may define later in the file.

  107. #

  108. # All of these directives may appear inside <VirtualHost> containers,

  109. # in which case these default settings will be overridden for the

  110. # virtual host being defined.

  111. #

  112. 

  113. #

  114. # ServerAdmin: Your address, where problems with the server should be

  115. # e-mailed.  This address appears on some server-generated pages, such

  116. # as error documents.  e.g. admin@your-domain.com

  117. #

  118. ServerAdmin root@localhost

  119. 

  120. #

  121. # ServerName gives the name and port that the server uses to identify itself.

  122. # This can often be determined automatically, but we recommend you specify

  123. # it explicitly to prevent problems during startup.

  124. #

  125. # If your host doesn't have a registered DNS name, enter its IP address here.

  126. #

  127. #ServerName www.example.com:80

  128. 

  129. #

  130. # Deny access to the entirety of your server's filesystem. You must

  131. # explicitly permit access to web content directories in other 

  132. # <Directory> blocks below.

  133. #

  134. <Directory />

  135.     AllowOverride none

  136.     Require all denied

  137. </Directory>

  138. 

  139. #

  140. # Note that from this point forward you must specifically allow

  141. # particular features to be enabled - so if something's not working as

  142. # you might expect, make sure that you have specifically enabled it

  143. # below.

  144. #

  145. 

  146. #

  147. # DocumentRoot: The directory out of which you will serve your

  148. # documents. By default, all requests are taken from this directory, but

  149. # symbolic links and aliases may be used to point to other locations.

  150. #

  151. DocumentRoot "{{ apache.wwwdir }}"

  152. 

  153. #

  154. # Relax access to content within /var/www.

  155. #

  156. <Directory "/var/www">

  157.     AllowOverride None

  158.     # Allow open access:

  159.     Require all granted

  160. </Directory>

  161. 

  162. # Further relax access to the default document root:

  163. <Directory "{{ apache.wwwdir }}">

  164.     #

  165.     # Possible values for the Options directive are "None", "All",

  166.     # or any combination of:

  167.     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews

  168.     #

  169.     # Note that "MultiViews" must be named *explicitly* --- "Options All"

  170.     # doesn't give it to you.

  171.     #

  172.     # The Options directive is both complicated and important.  Please see

  173.     # http://httpd.apache.org/docs/2.4/mod/core.html#options

  174.     # for more information.

  175.     #

  176.     Options Indexes FollowSymLinks

  177. 

  178.     #

  179.     # AllowOverride controls what directives may be placed in .htaccess files.

  180.     # It can be "All", "None", or any combination of the keywords:

  181.     #   Options FileInfo AuthConfig Limit

  182.     #

  183.     AllowOverride None

  184. 

  185.     #

  186.     # Controls who can get stuff from this server.

  187.     #

  188.     Require all granted

  189. </Directory>

  190. 

  191. #

  192. # DirectoryIndex: sets the file that Apache will serve if a directory

  193. # is requested.

  194. #

  195. <IfModule dir_module>

  196.     DirectoryIndex index.html

  197. </IfModule>

  198. 

  199. #

  200. # The following lines prevent .htaccess and .htpasswd files from being 

  201. # viewed by Web clients. 

  202. #

  203. <Files ".ht*">

  204.     Require all denied

  205. </Files>

  206. 

  207. #

  208. # ErrorLog: The location of the error log file.

  209. # If you do not specify an ErrorLog directive within a <VirtualHost>

  210. # container, error messages relating to that virtual host will be

  211. # logged here.  If you *do* define an error logfile for a <VirtualHost>

  212. # container, that host's errors will be logged there and not here.

  213. #

  214. ErrorLog "{{ apache.logdir }}/error_log"

  215. 

  216. #

  217. # LogLevel: Control the number of messages logged to the error_log.

  218. # Possible values include: debug, info, notice, warn, error, crit,

  219. # alert, emerg.

  220. #

  221. LogLevel warn

  222. 

  223. <IfModule log_config_module>

  224.     #

  225.     # The following directives define some format nicknames for use with

  226.     # a CustomLog directive (see below).

  227.     #

  228.     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

  229.     LogFormat "%h %l %u %t \"%r\" %>s %b" common

  230.     {%- for log_format in salt['pillar.get']('apache:log_formats', []) %}

  231.     LogFormat {{ log_format }}

  232.     {%- endfor %}

  233. 

  234.     <IfModule logio_module>

  235.       # You need to enable mod_logio.c to use %I and %O

  236.       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

  237.     </IfModule>

  238. 

  239.     #

  240.     # The location and format of the access logfile (Common Logfile Format).

  241.     # If you do not define any access logfiles within a <VirtualHost>

  242.     # container, they will be logged here.  Contrariwise, if you *do*

  243.     # define per-<VirtualHost> access logfiles, transactions will be

  244.     # logged therein and *not* in this file.

  245.     #

  246.     #CustomLog "logs/access_log" common

  247. 

  248.     #

  249.     # If you prefer a logfile with access, agent, and referer information

  250.     # (Combined Logfile Format) you can use the following directive.

  251.     #

  252.     CustomLog "{{ apache.logdir }}/access_log" combined

  253. </IfModule>

  254. 

  255. <IfModule alias_module>

  256.     #

  257.     # Redirect: Allows you to tell clients about documents that used to 

  258.     # exist in your server's namespace, but do not anymore. The client 

  259.     # will make a new request for the document at its new location.

  260.     # Example:

  261.     # Redirect permanent /foo http://www.example.com/bar

  262. 

  263.     #

  264.     # Alias: Maps web paths into filesystem paths and is used to

  265.     # access content that does not live under the DocumentRoot.

  266.     # Example:

  267.     # Alias /webpath /full/filesystem/path

  268.     #

  269.     # If you include a trailing / on /webpath then the server will

  270.     # require it to be present in the URL.  You will also likely

  271.     # need to provide a <Directory> section to allow access to

  272.     # the filesystem path.

  273. 

  274.     #

  275.     # ScriptAlias: This controls which directories contain server scripts. 

  276.     # ScriptAliases are essentially the same as Aliases, except that

  277.     # documents in the target directory are treated as applications and

  278.     # run by the server when requested rather than as documents sent to the

  279.     # client.  The same rules about trailing "/" apply to ScriptAlias

  280.     # directives as to Alias.

  281.     #

  282.     ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

  283. 

  284. </IfModule>

  285. 

  286. #

  287. # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased

  288. # CGI directory exists, if you have that configured.

  289. #

  290. <Directory "/var/www/cgi-bin">

  291.     AllowOverride None

  292.     Options None

  293.     Require all granted

  294. </Directory>

  295. 

  296. <IfModule mime_module>

  297.     #

  298.     # TypesConfig points to the file containing the list of mappings from

  299.     # filename extension to MIME-type.

  300.     #

  301.     TypesConfig /etc/mime.types

  302. 

  303.     #

  304.     # AddType allows you to add to or override the MIME configuration

  305.     # file specified in TypesConfig for specific file types.

  306.     #

  307.     #AddType application/x-gzip .tgz

  308.     #

  309.     # AddEncoding allows you to have certain browsers uncompress

  310.     # information on the fly. Note: Not all browsers support this.

  311.     #

  312.     #AddEncoding x-compress .Z

  313.     #AddEncoding x-gzip .gz .tgz

  314.     #

  315.     # If the AddEncoding directives above are commented-out, then you

  316.     # probably should define those extensions to indicate media types:

  317.     #

  318.     AddType application/x-compress .Z

  319.     AddType application/x-gzip .gz .tgz

  320. 

  321.     #

  322.     # AddHandler allows you to map certain file extensions to "handlers":

  323.     # actions unrelated to filetype. These can be either built into the server

  324.     # or added with the Action directive (see below)

  325.     #

  326.     # To use CGI scripts outside of ScriptAliased directories:

  327.     # (You will also need to add "ExecCGI" to the "Options" directive.)

  328.     #

  329.     #AddHandler cgi-script .cgi

  330. 

  331.     # For type maps (negotiated resources):

  332.     #AddHandler type-map var

  333. 

  334.     #

  335.     # Filters allow you to process content before it is sent to the client.

  336.     #

  337.     # To parse .shtml files for server-side includes (SSI):

  338.     # (You will also need to add "Includes" to the "Options" directive.)

  339.     #

  340.     AddType text/html .shtml

  341.     AddOutputFilter INCLUDES .shtml

  342. </IfModule>

  343. 

  344. #

  345. # Specify a default charset for all content served; this enables

  346. # interpretation of all content as UTF-8 by default.  To use the 

  347. # default browser choice (ISO-8859-1), or to allow the META tags

  348. # in HTML content to override this choice, comment out this

  349. # directive:

  350. #

  351. AddDefaultCharset {{ apache.default_charset }}

  352. 

  353. <IfModule mime_magic_module>

  354.     #

  355.     # The mod_mime_magic module allows the server to use various hints from the

  356.     # contents of the file itself to determine its type.  The MIMEMagicFile

  357.     # directive tells the module where the hint definitions are located.

  358.     #

  359.     MIMEMagicFile conf/magic

  360. </IfModule>

  361. 

  362. #

  363. # Customizable error responses come in three flavors:

  364. # 1) plain text 2) local redirects 3) external redirects

  365. #

  366. # Some examples:

  367. #ErrorDocument 500 "The server made a boo boo."

  368. #ErrorDocument 404 /missing.html

  369. #ErrorDocument 404 "/cgi-bin/missing_handler.pl"

  370. #ErrorDocument 402 http://www.example.com/subscription_info.html

  371. #

  372. 

  373. #

  374. # EnableMMAP and EnableSendfile: On systems that support it, 

  375. # memory-mapping or the sendfile syscall may be used to deliver

  376. # files.  This usually improves server performance, but must

  377. # be turned off when serving from networked-mounted 

  378. # filesystems or if support for these functions is otherwise

  379. # broken on your system.

  380. # Defaults if commented: EnableMMAP On, EnableSendfile Off

  381. #

  382. #EnableMMAP off

  383. EnableSendfile on

  384. 

  385. {%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %}

  386. {{ directive }} {{ dvalue }}

  387. {%- endfor %}

  388. 

  389. # Supplemental configuration

  390. #

  391. # Load config files in the "/etc/httpd/conf.d" directory, if any.

  392. IncludeOptional {{ apache.confdir }}/*.conf

  393. {% if apache.vhostdir != apache.confdir %}

  394. IncludeOptional {{ apache.vhostdir }}/*.conf

  395. {% endif %}

  396. 

  397. # Added for security enhancements

  398. TraceEnable off

  399. ServerSignature off

  400. ServerTokens Prod